{"id":4963,"date":"2019-04-12T15:08:50","date_gmt":"2019-04-12T15:08:50","guid":{"rendered":"https:\/\/fintech.global\/globalpaytechsummit\/?p=4963"},"modified":"2019-04-12T15:08:50","modified_gmt":"2019-04-12T15:08:50","slug":"how-is-gdpr-impacting-insurance-firms-and-what-are-they-doing-to-ease-compliance","status":"publish","type":"post","link":"https:\/\/fintech.global\/globalpaytechsummit\/how-is-gdpr-impacting-insurance-firms-and-what-are-they-doing-to-ease-compliance\/","title":{"rendered":"How is GDPR impacting insurance firms and what are they doing to ease compliance?"},"content":{"rendered":"<div class=\"disableRightClick\"><video poster=\"http:\/\/member.regtechanalyst.com\/wp-content\/uploads\/2019\/04\/Untitled.png\" controls=\"controls\" width=\"100%\" height=\"400\"><source src=\"http:\/\/member.regtechanalyst.com\/wp-content\/themes\/regtech-theme\/video\/PANELDISCUSSIONOVERCOMINGREGULATORY.mp4\" type=\"video\/mp4\" \/><\/video><\/div>\n<p><strong>GDPR has not just been burdensome on financial services, but offered new opportunities, whether it\u2019s getting firms to actually understand their data or even improving existing regulations, according to a panel at the Global InsurTech Summit 2019.<\/strong><\/p>\n<p>There is an unprecedented level of regulations entering the market, stretching financial institutions resources further than ever. Typically, regulations are met with a lot of negativity and how they will impact a business severely; however, in the end they offer a lot of benefits for consumers, but also the institutions. The panel at the Global InsurTech Summit, which included senior staff from AutoRek, SCOR, Direct Line, and Theta Lake, discussed the regulations impacting insurance firms and how they\u2019re being received.<\/p>\n<p>GDPR has probably been the most notorious regulation over the past couple of years, and it has big implications across the entire financial world. We are quickly approaching the year anniversary of GDPR and while fear levels were astronomical on its launch, the year passed rather smoothly. When the regulation deployed on 25<sup>th<\/sup>\u00a0May 2018, firms across Europe were worried by the magnitude of the task to protect all their data and cope with endless streams of information requests. However, information requests were not as abundant and the major firms were the only ones in the regulators eyesight on launch, and in large, had their systems ready. As time passes, regulators expectations of GDPR compliance will be higher and fines will likely increase as well, but the regulation has not just brought challenges, but offered some improvements.<\/p>\n<p>Priscilla Courn\u00e8de, head of group prudential and regulatory developments at SCOR said, \u201cGDPR is an improvement in the regulation processes. In France what we appreciate about GDPR is that it removed our obligation to get an authorization from the authority when we use data. Sure it\u2019s a burden, but there\u2019s some sort of improvement with this regulation compared to the past where we had to wait for months before we could get authorization from the French regulator.\u201d<\/p>\n<p>One of the added bonuses of GDPR is that it has forced financial institutions to acknowledge the information they have about consumers, rather than just storing it and losing it in a system. While this might not seem like much of a benefit, data has become such a powerful tool for companies to improve how they interact with a consumer. Legacy systems or isolated databases have hindered an institution\u2019s ability to access their data for a long time, but now it is also preventing AI technologies from reaching their full potential as they simply cannot leverage all of the data a firm has. As you would expect, this requires a hefty amount of changes to the infrastructure of an institution\u2019s operations, particularly regarding communications and customer interactions.<\/p>\n<p>Theta Lake founder and CEO Devin Redmond said, \u201cOne of the reasons why GDPR is front and centre is because it changes the approach to a lot of things. It\u2019s not a lie to say that a lot of organizations have had very straight forward policies to data retention for communication requirements. If I\u2019m supposed to archive and store it, I\u2019m probably not really looking at it. I just capture it and check I\u2019ve met that obligation from a MiFID perspective or a Dodd Frank or a SEC 17a-4 perspective. With GDPR, you run into this additional requirement that shifts that whole mindset, because now I actually need to know what\u2019s inside of that data, and that will force me to figure out how I have to handle it.\u201d<\/p>\n<p>He continued to explain that GDPR is helping to ensure institutions keep up with things they should already be doing. At many organisations, the concept of archiving has typically been that you keep information for five years and then remove it, but most of this data is still there simply because it got lost. Now they\u2019re forced to know what they have and store it properly, improving data privacy, as well as cyber risk.<\/p>\n<p>David Baker, director of group regulatory risk and compliance, Direct Line Group agreed that GDPR has brought with it a lot more transparency with data. Although, he believes data protection has been driven more by cyber threats, than requirements of regulations.<\/p>\n<p>He said, \u201cIt strikes me that over the last couple of years, barely a week goes by without seeing a firm losing data or a firm using data in a way that it shouldn\u2019t have done. And it gets called out and it gets a load of brand damage and reputation damage and sometimes litigation. GDPR raises that higher because the fines now are not half a million pounds in the UK, they are 4% of your turnover. So, it definitely focuses minds. But actually, I think we\u2019re in a world now, which is so interconnected, that is so driven through digital means and the need of cybersecurity means you can\u2019t really be a serious player unless you\u2019ve got an answer to protecting your crown jewels, which is your customer data and information. So, it makes good sense. I think regulations are catching up with that. I think businesses have kind of recognized the need to do this sometime ago.\u201d<\/p>\n<p>Clarity has been the biggest success for GDPR, and consumers are beginning to realise they have control of their data and do not just need to bend to the will of an organisation. Access requests have been available in the past, but now a business must clearly demonstrate the information they give a consumer is really everything they have. Companies now need consent for how they will use data and are clearly showcasing what data is being used for and ensure it will not be used in another unspecified manner. This does not come with problems, as access requests need to be completed quickly and differentiation needs to be made between significant and less significant data. Going one step further, data protection regulations differ around the world, and getting a system compliant with one could be completely different to somewhere else.<\/p>\n<p>Priscilla Courn\u00e8de added, \u201cOne thing we are struggling with is that the regulations around data protection and data privacy are very different from one country to another one. And so, we are talking about GDPR in the European Union, but you have different regulations in the States, in Asia, and that\u2019s a challenge for us, as we insure globally. Our market is really the world and not one country, or a couple of countries and the multiplicity of regulations on one topic is really a challenge for us.\u201d<\/p>\n<p><strong>Regulators role in compliance<\/strong><\/p>\n<p>When firms are preparing for new regulations, regulators are often put in the firing line for not offering the right support, but they are not at fault. The panel all agreed that regulators have been doing a very good job with regulations and if firms want to ease compliance, the key is getting hands-on involved with the regulators as early as possible.<\/p>\n<p>Devin Redmond stated that with regulations like MiFID II or Dodd-Frank, which are both focused around communication environments, it is hard to keep up with compliance alone just because communication is changing so quickly. Since these regulations were deployed the tools available have changed, for example, Twitter and Instagram adding video tools.<\/p>\n<p>He said, \u201cRegulators are trying hard to keep up with the spirit of communications. I know it creates an administrative burden for everybody in a lot of different ways, but the reality is they understand there are more and more ways that consumers and clients can be harmed, and they\u2019re trying to put guard rails in place and they\u2019re trying to keep ahead of all the things that could eventually affect downstream on those consumers. So, they\u2019re working hard at that and I think that\u2019s something that affects all of us, but it is really important.\u201d<\/p>\n<p>The UK\u2019s Financial Conduct Authority was one of the bodies which Redmond had praise for, commending their \u201cforward thinking in terms of creating the Sandbox, and creating an opportunity to get introduced to RegTech.\u201d Other regulators are following suit, building sandboxes and innovation centres to support the adoption of RegTech solutions. Priscilla Courn\u00e8de agreed that the sooner and institution gets involved with a regulator the better it is.<\/p>\n<p>She added, \u201cFor Solvency II we engaged with them early and they really want to understand what we did. Approval for the internal models we used to calculate the solvency of the group took us four years to get. It took a while for our supervisors to understand the model, but that was really worth it and we really appreciated the challenge they gave us and the feedback they gave us on our model.\u201d<\/p>\n<p>One distinction she made was that in France the regulators and the supervisors are very separate entities and its important to coordinate with both to ensure the smoothness of compliance.<\/p>\n<p>David Baker said, \u201cI\u2019d totally agree to engaging early on is really important, particularly for technology providers where you\u2019re trying to disrupt the market or doing something slightly differently. Where that involves sort of a different interpretation of the rules, the policies of the precedent, absolutely engage early.\u00a0 And that is with the policymakers and the supervisors and the supervisory approach, because it can often vary by different parts of the landscape of supervision. Those that supervise even big insurers versus small insurers for example, or life insurers versus general insurers could interpret it slightly different.\u201d<\/p>\n<p>&nbsp;<\/p>\n<p class=\"highlight\">Copyright \u00a9 2019 RegTech Analyst<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GDPR has not just been burdensome on financial services, but offered new opportunities, whether it\u2019s getting firms to actually understand their data or even improving existing regulations, according to a panel at the Global InsurTech Summit 2019. There is an unprecedented level of regulations entering the market, stretching financial institutions resources further than ever. Typically,&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/fintech.global\/globalpaytechsummit\/how-is-gdpr-impacting-insurance-firms-and-what-are-they-doing-to-ease-compliance\/\" class=\"gdlr-info-font excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":10,"featured_media":4964,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/posts\/4963"}],"collection":[{"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/comments?post=4963"}],"version-history":[{"count":0,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/posts\/4963\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/media\/4964"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/media?parent=4963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/categories?post=4963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/globalpaytechsummit\/wp-json\/wp\/v2\/tags?post=4963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}